The term "phishing" comes, naturally, from the
word fishing, and follows a very similar approach. Fraudsters and scammers
(the "fishermen") send out large quantities of emails (the
"bait") to mostly random addresses across the internet.
These emails appear to be from a variety of banks, financial
services and sites like eBay, AOL and PayPal, all asking the victim to enter
their account and/or credit card details.
Not every email from a company will be an attempt at
"phishing"; some are genuine. But if you get an email asking for
sensitive information, then it is more than likely a fake, so do not answer it.
Either delete it or report it to your bank.
The person who is initiating the scam sends an E-mail to
millions of people. The E-mail message is designed to appear to come from a
bank, Internet Service Provider, online auction company, or from anyone else
that you could potentially have regular business dealings with.
The From header
on the message is spoofed, and the message is designed to look as official as
possible. The message's sole purpose is to gather information.
The reasons given for asking for the details range from supposed problems
with computer systems losing account details through to the more
genuinely helpful-looking reasons, such as checking that a recent credit
transaction was not unauthorized.
To put on the pressure, they will generally
try to convince you that your account will be suspended if you do not email
them immediately.
Although only a small proportion of people (about 5%) will
actually act in response to phishing emails, for the scammer this is still a
very large return for a minimum of risk. It is legal to send a phishing email;
a crime is only committed if the scammer actually obtains the details he is
after.
So what about that official-looking URL in the E-mail
message? Sure, it probably looks like the bank's official Web site, but try
hovering your mouse over the URL. When you do, you will see the actual
hyperlink target appear.
If the URL is legitimate, the hyperlink should
match the URL displayed in the message exactly. Typically, the person who
created the message will replace the URL with an IP address, or they will use a
domain name that is spelled very similarly to the bank's domain name.
Many people have noticed the warnings that are on their
service's online banking website, stating that the bank will never ask for your
personal information through an email or through the telephone.
The most ironic thing about these emails is that they
actually prey upon people's fears of being exposed to fraud. Some include
comments stating that you will be a victim of fraud if you do not update your
account.